Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-13 | CVE-2023-24762 | OS Command Injection vulnerability in Dlink Dir-867 Firmware 1.30B07 OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1. | 9.8 |
| 2023-03-09 | CVE-2023-27985 | OS Command Injection vulnerability in GNU Emacs 28.1/28.2 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. | 7.8 |
| 2023-03-08 | CVE-2023-1277 | OS Command Injection vulnerability in Ubuntukylin Kylin-System-Updater 1.4.20Kord A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. | 7.8 |
| 2023-03-08 | CVE-2023-25395 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules. | 9.8 |
| 2023-03-07 | CVE-2022-39951 | OS Command Injection vulnerability in Fortinet Fortiweb A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 8.8 |
| 2023-03-04 | CVE-2023-26490 | OS Command Injection vulnerability in Mailcow Mailcow: Dockerized mailcow is a dockerized email package, with multiple containers linked in one bridged network. | 8.8 |
| 2023-03-03 | CVE-2023-26213 | OS Command Injection vulnerability in Barracuda products On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. | 7.2 |
| 2023-03-01 | CVE-2023-20075 | OS Command Injection vulnerability in Cisco Email Security Appliance Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. These vulnerability is due to improper input validation in the CLI. | 6.7 |
| 2023-02-27 | CVE-2023-26759 | OS Command Injection vulnerability in Smeup ERP Tokyov6R1M220406 Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. | 8.8 |
| 2023-02-25 | CVE-2023-26039 | OS Command Injection vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 8.8 |